Vulnerabilities > Rockwellautomation

DATE CVE VULNERABILITY TITLE RISK
2019-04-04 CVE-2019-6553 Out-of-bounds Write vulnerability in Rockwellautomation Rslinx
A vulnerability was found in Rockwell Automation RSLinx Classic versions 4.10.00 and prior.
network
low complexity
rockwellautomation CWE-787
critical
9.8
2019-03-27 CVE-2018-19016 Improper Input Validation vulnerability in Rockwellautomation products
Rockwell Automation EtherNet/IP Web Server Modules 1756-EWEB (includes 1756-EWEBK) Version 5.001 and earlier, and CompactLogix 1768-EWEB Version 2.005 and earlier.
network
low complexity
rockwellautomation CWE-20
7.5
2019-03-26 CVE-2013-2805 Out-of-bounds Read vulnerability in Rockwellautomation Rslinx Enterprise
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it receives a datagram with an incorrect value in the “Record Data Size” field.
network
low complexity
rockwellautomation CWE-125
7.5
2019-03-26 CVE-2010-5305 Improper Access Control vulnerability in Rockwellautomation products
The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers.
network
low complexity
rockwellautomation CWE-284
critical
9.8
2019-03-26 CVE-2013-2807 Out-of-bounds Read vulnerability in Rockwellautomation Rslinx Enterprise
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “Total Record Size” field.
network
low complexity
rockwellautomation CWE-125
7.5
2019-03-26 CVE-2013-2806 Integer Overflow or Wraparound vulnerability in Rockwellautomation Rslinx Enterprise
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “End of Current Record” field.
network
low complexity
rockwellautomation CWE-190
7.5
2019-01-24 CVE-2018-18981 Out-of-bounds Write vulnerability in Rockwellautomation Factorytalk Services Platform
In Rockwell Automation FactoryTalk Services Platform 2.90 and earlier, a remote unauthenticated attacker could send numerous crafted packets to service ports resulting in memory consumption that could lead to a partial or complete denial-of-service condition to the affected services.
network
low complexity
rockwellautomation CWE-787
7.5
2018-12-26 CVE-2018-19616 Improper Authentication vulnerability in Rockwellautomation Powermonitor 1000 Firmware 1408Em3Aentb
An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000.
network
high complexity
rockwellautomation CWE-287
8.1
2018-12-26 CVE-2018-19615 Cross-site Scripting vulnerability in Rockwellautomation Powermonitor 1000 Firmware 1408Em3Aentb
Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions.
network
low complexity
rockwellautomation CWE-79
6.1
2018-12-07 CVE-2018-17924 Missing Authentication for Critical Function vulnerability in Rockwellautomation products
Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode.
network
low complexity
rockwellautomation CWE-306
8.6